Using the DTZ Objectstore for Terraform State Files

created: Saturday, Sept. 28, 2024

We use Terraform a lot, either to test our own infrastructure or to deploy projects within DownToZero.

Since DTZ is supported as a provider, we started implementing projects on top of it. One thing that regularly came up is the location of the state file. Checking the state into the git repo is usually not a good idea (although it is still better than keeping it local), but having some form of remote state helps a lot with running TF in pipelines and makes the state independent of the project.

Looking at our options for remote state, there is quite a long list. Sadly, most of them are bound to cloud providers, which is not really helpful to us at the moment. There is, however, the generic http backend provider.

Looking at this provider, we found that we can use it to connect to our objectstore and use our own system for persisting the state file.

And this is what it would look like.

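terraform {
  required_providers {
    dtz = {
      source  = "DownToZero-Cloud/dtz"
      version = ">= 0.1.24"
    }
  }
  backend "http" {
    # Credentials are sent as HTTP basic auth on every request,
    # so prefer an https:// address if the endpoint serves TLS.
    address       = "http://objectstore.dtz.rocks/api/2022-11-28/obj/tf-test/state.tfstate"
    update_method = "PUT"
    username      = "apikey"
    # Backend blocks cannot reference variables (var.apikey is rejected at init).
    # Supply the API key through the TF_HTTP_PASSWORD environment variable instead.
  }
}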

Unfortunately, locking does not work, because some implementation details are not compatible with our objectstore.

The objectstore does not support the HTTP methods LOCK and UNLOCK (although this is configurable in the provider).

The other limitation is the return code: the objectstore always returns an HTTP 201 (CREATED) status when the object has been stored. The Terraform provider, however, only checks for HTTP 200 (OK). There is already an open issue and a pull request for this, but both have been open for years. So I would not expect a fix in the near future.
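The two locking limitations above can be reproduced offline. The following is an added example, not code from the original post or from DTZ: the mock server is constructed to mimic the described behaviour (201 on store, LOCK rejected, with 405 as an assumed status), the lock object path is hypothetical, and the status classification follows the Terraform http backend documentation (200 is success, 409 or 423 means the lock is already held, anything else is an error).

```python
import http.client
import threading
from http.server import BaseHTTPRequestHandler, HTTPServer

class MockObjectstore(BaseHTTPRequestHandler):
    """Constructed stand-in for the behaviour described above: a stored
    object is answered with 201; LOCK is rejected (405 is an assumption)."""
    def _reply(self, status):
        self.rfile.read(int(self.headers.get("Content-Length", 0)))  # drain body
        self.send_response(status)
        self.send_header("Content-Length", "0")
        self.end_headers()
    def do_PUT(self):
        self._reply(201)
    def do_LOCK(self):
        self._reply(405)
    def log_message(self, *args): pass  # silence per-request logging

def classify_lock_response(status):
    """Lock outcome as the Terraform http backend documentation defines it."""
    if status == 200:
        return "acquired"
    if status in (409, 423):
        return "already locked"
    return "error"

def probe_lock(port, path, method):
    """Send a lock request as lock_method=<method> would, then classify it."""
    conn = http.client.HTTPConnection("127.0.0.1", port, timeout=5)
    try:
        conn.request(method, path, body=b'{"ID": "constructed-lock-id"}')
        resp = conn.getresponse()
        resp.read()
        return resp.status, classify_lock_response(resp.status)
    finally:
        conn.close()

def run_probe():
    server = HTTPServer(("127.0.0.1", 0), MockObjectstore)
    threading.Thread(target=server.serve_forever, daemon=True).start()
    try:
        path = "/api/2022-11-28/obj/tf-test/state.tfstate.lock"  # hypothetical lock object
        return {m: probe_lock(server.server_port, path, m) for m in ("LOCK", "PUT")}
    finally:
        server.shutdown()
        server.server_close()

if __name__ == "__main__":
    print(run_probe())
```

Both probes end in "error", so the backend never obtains a lock; with locking left unconfigured, concurrent runs against the same state object are not serialized and should be prevented at the pipeline level.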

http provider docs